0

I'm pretty new to Docker and I'm trying to Dockerize a particular tool that is difficult to run on different platforms. For some reason the ENTRYPOINT and CMD commands are not working as I would expect.

What is baffling me is that when I run a script from inside the container, the script works, but when I run what I think is the exact same thing passing in runtime arguments, I get a completely different response from the script. I would expect them to be the same.

Here is my Dockerfile:

```dockerfile
FROM ubuntu:latest

RUN apt-get -y update
RUN apt-get -y install build-essential flex bison

COPY . /unicornscan
WORKDIR /unicornscan

RUN patch src/unilib/tsc.c patches/unicornscan-0.4.7-gcc5.patch
RUN ./configure CFLAGS=-D_GNU_SOURCE --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-bundled-ltdl
RUN make
RUN make install

ENTRYPOINT ["/usr/bin/unicornscan"]
CMD []
```

When I remove the entrypoint and cmd from the Dockerfile and then run:

```
docker run -it test/image:1.0 sh
```

I am in the container. I then run:

```
/bin/sh -c "unicornscan -I -msf 22.22.22.22:a"
```

It starts telling me which ports are open on IP 22.22.22.22, which is what this tool is supposed to do.

Now, I add the entrypoint and cmd command back, rebuild, and then I run:

```
docker run test/image:1.0 -I -msf 22.22.22.22:a
```

Now I get this output from the tool:

```
Send exiting ack, parent died?: system error No such file or directory
```

Every time I repeat this process the same thing happens, so my question is, why? What is the difference between the two commands? I was under the impression that they were exactly the same.

  • Have a look - https://stackoverflow.com/questions/21553353/what-is-the-difference-between-cmd-and-entrypoint-in-a-dockerfile/39408777#39408777 – Rafaf Tahsin Sep 02 '19 at 03:42

2 Answers

0

`ENTRYPOINT ["/usr/bin/unicornscan"]` executes unicornscan without bash, with PID 1 and allows it to receive signals like SIGTERM.

`/bin/sh -c "unicornscan -I -msf 22.22.22.22:a"` runs unicornscan as a child process of /bin/sh.

I don't know anything about unicornscan, but I'd try changing your ENTRYPOINT to `["/bin/sh", "-c", "/usr/bin/unicornscan"]` and seeing what happens.

cfelipe
  • Thanks for the answer. I tried this but I'm unable to pass arguments to unicornscan. I tried `["/bin/sh", "-c", "/usr/bin/unicornscan $options"]` and then passing in `-e options="-I -msf 22.22.22.22:a"` and that actually works but it's pretty ugly. Wondering if there is a best practice I'm missing. – John Jacobs Sep 02 '19 at 04:39
  • Your original `ENTRYPOINT ["/usr/bin/unicornscan"]` is considered the best practice. That said, `unicornscan` might have some particularity that requires a hack. Why don't you create a public repo for that Docker image? It will be helpful to others and maybe one day someone can PR this issue ;) – cfelipe Sep 02 '19 at 19:54
0

If anyone in the future runs into this, this is how I solved it.

Dockerfile:

```dockerfile
FROM ubuntu:latest

RUN apt-get -y update
RUN apt-get -y install build-essential flex bison

COPY . /unicornscan
WORKDIR /unicornscan

RUN patch src/unilib/tsc.c patches/unicornscan-0.4.7-gcc5.patch
RUN ./configure CFLAGS=-D_GNU_SOURCE --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-bundled-ltdl
RUN make
RUN make install
RUN chmod +x entrypoint.sh
ENTRYPOINT ["/unicornscan/entrypoint.sh"]
CMD []
```

/unicornscan/entrypoint.sh:

```bash
#!/bin/bash
unicornscan "$@"
```

It turned out when I originally ran:

```
docker run test/image:1.0 -I -msf 22.22.22.22:a
```

It was interpreted as:

```
/bin/sh -c unicornscan -I -msf 22.22.22.22:a
```

With the wrapper script, it is now interpreted as:

```
/bin/sh -c "unicornscan -I -msf 22.22.22.22:a"
```
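
Added example (not part of the question or either answer): a POSIX shell demonstration of how each ENTRYPOINT form mentioned on this page hands the `docker run` arguments to the tool. `fake_scan` is a constructed stand-in for `/usr/bin/unicornscan` that only prints its arguments, and the `sh_c_forward` variant is an assumption of this example rather than something proposed in the thread.

```shell
#!/bin/sh
# Constructed stand-in for /usr/bin/unicornscan: it only reports its arguments.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'echo "argc=$# argv=$*"' > "$demo_dir/fake_scan"
# Stand-in for entrypoint.sh from the second answer: forward "$@" to the tool.
printf '%s\n' "sh '$demo_dir/fake_scan' \"\$@\"" > "$demo_dir/entrypoint.sh"
# Scripts are run through "sh <file>" so the demo also works on a noexec temp dir.
TOOL="sh $demo_dir/fake_scan"

# ENTRYPOINT ["/usr/bin/unicornscan"]: run arguments are appended to the argv.
exec_form() { sh "$demo_dir/fake_scan" "$@"; }

# ENTRYPOINT ["/bin/sh", "-c", "/usr/bin/unicornscan"]: the appended arguments
# become $0, $1, ... of the -c string, which never references them.
sh_c_plain() { sh -c "$TOOL" "$@"; }

# Same argv, but the -c string prints its own positional parameters.
sh_c_params() { sh -c 'echo "0=$0 1=$1 2=$2"' "$@"; }

# ENTRYPOINT ["/bin/sh", "-c", "/usr/bin/unicornscan \"$@\"", "sh"] (assumed form):
# the trailing "sh" fills $0, so every run argument lands in "$@".
sh_c_forward() { sh -c "$TOOL \"\$@\"" sh "$@"; }

# ENTRYPOINT ["/unicornscan/entrypoint.sh"]: the wrapper script forwards "$@".
wrapper() { sh "$demo_dir/entrypoint.sh" "$@"; }

# Show what the stand-in receives for the arguments used in the question.
for f in exec_form sh_c_plain sh_c_params sh_c_forward wrapper; do
    printf '%-13s %s\n' "$f" "$("$f" -I -msf 22.22.22.22:a)"
done
```

This only shows argument passing; which process ends up as PID 1 in the container is a separate difference between these forms.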